In the claims 

Ca^e^claims 1-15, 17- 28, and 30-56 without prejudice or disclaimer. 
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1 (JNv (Once Amended) A system for maintaining security in a distributed computing 



environmenbscompnsing: 




a policy manager for managing a security policv;^and 

an application guardW managing access to securable components as specified by 

the security policy; 
[The system of claim 1,] wherein the^agplication guard further allows for 

additional customized code to process**™! evaluate authorization requests 

based on the additional customized code. 




(Once Amended) A system for controlling user access in a distributed computing 
environment comprising: 

a glo^tl policy specifying access privileges of the user to securable components; 
a policy manner located on a server for managing and distributing a local client 
policy basebvqn the global policy to a client, and 




an application guard located on the client- for managing access to the securable 

components as specifiec^yVhe local client policy; 
[The system of claim 18,] wherein thfevapplication guard further allows for 

additional customized code to process and evaluate authorization requests 

based on the additional customized code. 
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d new claims 57-89 



57. A system for maintaining security in a distributed computing environment, 
comprising: 

a policy manager forVnanaging a security policy; and 
an application guard for managing access to securable components including at 
least one application as specified by the security policy. 
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58. A system for maintaining 

comprising: 

a policy manager for man 
an application guard for 
function within 



59. A system for maintaining ; 



an 



security in a distributed computing environment, 
ging a security policy; and 

anaging access to securable components including a 
application as specified by the security policy. 



security in a distributed computing environment, 



comprising: 

a policy manager for managing a security policy; and 
an application guard for managing access to securable components including a 
procedure witmin an application as specified by the security policy. 
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60. A system for maintaining security in a distributed computing environment, 
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comprising: 

a policy manager fo 
an application guarc 
data structure 



managing a security policy; and 

for managing access to securable components including a 
within an application as specified by the security policy. 



61. A system for maintaining security in a distributed computing environment, 
comprising: 

a policy manager |or managing a security policy; and 

an application guard for managing access to securable components including a 
database/object referenced by an application as specified by the security 
policy j 

62. A system fqr maintaining security in a distributed computing environment, 
comprising: 

a policy manager for managing a security policy; and 
an applic ation guard for managing access to securable components including a 

le system object referenced by an application as specified by the security 
policy. 



5 



1 

2 
3 
4 
5 

1 
2 
3 
4 
5 

1 
2 
3 
4 
5 

1 
2 
3 
4 
5 



comprising 




63. A method for maintaining security in a distributed computing environment, 



aging a security policy via a policy manager; and 



managing access via an 
leaV one applic 



application guard to securable components including at 
tion as specified by the security policy. 



64. A method for n\aintainin|g security in a distributed computing environment, 
comprising: 

managing a security policy via a policy manager; and 

managing access v^ia an application guard to securable components including a 
function within an application as specified by the security policy. 

65. A method for mainlaining security in a distributed computing environment, 



comprising: 



managing a security 



Pt 



managing access via ai 



1 



procedure wfthi 



icy via a policy manager; and 

application guard to securable components including a 
n an application as specified by the security policy. 



66. A method for maintaining security in a distributed computing environment, 
comprising: 

managing a security polcy via a policy manager; and 
managing access via an application guard to securable components including a 
data structure witFuns^n application as specified by the security policy. 
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67. A method for maintaining security in a distributed computing environment, 
comprising: 

managing a security policy via a policy manager; and 

managing access via an Application guard to securable components including a 
database object referenced by an application as specified by the security 
policy. 

68. A method for maintaining security in a distributed computing environment, 
comprising: 

managing a security pjblicy via a policy manager; and 

managing access via /an application guard to securable components including a 

file system qbject referenced by an application as specified by the security 
policy. 



1 69. A method for maintaining security in a distributed computing environment, 

2 comprising: / 

managing a security policy via a policy manager; and 

t 

\ 

managing via an application guard access to securable components as specified by 
the security policy; 



wherein the application guard further allows for additional customized code to 

tt 

process and evaluate authorization requests based on the additional 
customized code. 
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1 70. A method for controlling user access via a system in a distributed computing 

2 environment, comprising: \ 

3 specifying access privileges of the user via a global policy to securable 

4 components; 

5 managing and distributing via a policy manager a local client policy based on the 

6 global policy lodated on a server to a client, and 

7 managing access via an application guard located on the client to the securable 

8 components as/specified by the local client policy; 

9 wherein the application guard further allows for additional customized code to 

10 process and elvaluate authorization requests based on the additional 

11 customized code. 

1 71. A method for authorization that provides access to securable components of a 

2 system for a user, comprising: 

3 specifying access privileges of the user via a policy to the securable components 

4 managing access via an application guard to the securable components; and 

5 executing via a processor coupled to said system said application guard; 

6 wherein the ap plication guard further allows for additional customized code to 

7 process and evaluate authorization requests based on the additional 

8 customized code. 
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72. A method for\providing a system for maintaining security in a distributed 
computing environment, comprising: 

providing a policy manager for managing a security policy; and 
providing an application guard for managing access to securable components 
including atueast one application as specified by the security policy. 

73. A method for providing a system for maintaining security in a distributed 
computing environment, comprising: 

providing a policy manager for managing a security policy; and 

providing an application guard for managing access to securable components 

including ^function within an application as specified by the security 

policy. 

74. A method for providing a system for maintaining security in a distributed 
computing environment, comprising: 

providing a policy manager for managing a security policy; and 

providing anj application guard for managing access to securable components 

including a procedure within an application as specified by the security 

polk 
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75. A method for providing a system for maintaining security in a distributed 
computing environment, comprising: 

providing a policy maniger for managing a security policy; and 
providing an application guard for managing access to securable components 

including a data structure within an application as specified by the security 

policy. 

76. A method for providing A system for maintaining security in a distributed 
computing environment, comprising: 

providing a policy manager for managing a security policy; and 

providing an application guard for managing access to securable components 

including a database object referenced by an application as specified by 

the security policy. 

77. A method for providing a system for maintaining security in a distributed 
computing environment, comprising: 

providing a policy manager for managing a security policy; and 

providing an application guard for managing access to securable components 

including a file system object referenced by an application as specified by 

the security policy. 
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78. A method for providing a system for maintaining security in a distributed 
computing environment, comprising: 

providing a policy manager for managing a security policy; and 

providing an application guard for managing access to securable components as 

specified by the security policy; 
wherein the application g uard further allows for additional customized code to 
process and evaluate authorization requests based on the additional 
customized code 



79. A method for providing a system for controlling user access in a distributed 
computing environment, comprising: 

providing a global golicy specifying access privileges of the user to securable 
components; 

providing a policy manager located on a server for managing and distributing a 

local client policy based on the global policy to a client, and 
providing an application guard located on the client for managing access to the 

securable components as specified by the local client policy; 
wherein the ap plication guard further allows for additional customized code to 
process and evaluate authorization requests based on the additional 
customized code. 
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80. A method for providing a system for authorization that provides access to 
securable components for a user, comprising: 

providing a policy specifying access privileges of the user to the securable 

components; 
providing an application feuard; and 
providing a processor coupled to said system, said processor executing said 

application guard ;o manage access to the securable components; 
wherein the application guard further allows for additional customized code to 

process and evaluate authorization requests based on the additional 

customized code. 



81. A computer readable storage medium having stored thereon a method for 
maintaining security in a distributed computing environment comprising the steps of: 
managing a security pojicy via a policy manager; and 

managing access via aft application guard to securable components including at 



least one appl 



82. A computer readable 



:ation as specified by the security policy. 



storage medium having stored thereon a method for 
maintaining security in a distributed computing environment comprising the steps of: 
managing a security policy via a policy manager; and 

managing access via an application guard to securable components including a 
function within an application as specified by the security policy. 
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83. A computer readable storage medium having stored thereon a method for 
maintaining security in a\listributed computing environment comprising the steps of: 

managing a securit^ policy via a policy manager; and 

\ 

managing access via\an application guard to securable components including a 
procedure within an application as specified by the security policy. 



84. A computer readable storage medium having stored thereon a method for 
maintaining security in a distributed computing environment comprising the steps of: 

managing a security policy via a policy manager; and 

managing access/via an application guard to securable components including a 
data structure within an application as specified by the security policy. 

85. A computer readable storage medium having stored thereon a method for 
maintaining security in a distributed computing environment comprising the steps of: 

managing a security policy via a policy manager; and 

managing^access via an application guard to securable components including a 
database object referenced by an application as specified by the security 
)licy. 
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86. A computer readable storage medium having stored thereon a method for 

t 
\ 

\ 

maintaining security in a distributed computing environment, comprising: 
managing a security policy via a policy manager; and 

managing access via an application guard to securable components including a 

file systepri object referenced by an application as specified by the security 
policy. 

87. A computer readable storage medium having stored thereon a method for 
maintaining security in a distributed computing environment comprising the steps of: 

managing a security policy via a policy manager; and 

managing via an application guard access to securable components as specified by 
policy; 

ition guard further allows for additional customized code to 
process an<fl evaluate authorization requests based on the additional 
customized code. 



the security 
wherein the applies! 
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88. A compu :er readable storage medium having stored thereon a method for 
controlling user access via a system in a distributed computing environment, comprising 
the steps of: 

specifying access privileges of the user via a global policy to securable 
components; 

managing and distributing via a policy manager a local client policy based on the 

global policy located on a server to a client, and 
managing access via an application guard located on the client to the securable 



component 
wherein the applicc 
process anc 
customizec 

89. A computer readab 
authorization that provides 



as specified by the local client policy; 
tion guard further allows for additional customized code to 
evaluate authorization requests based on the additional 

ode. 

j storage medium having stored thereon a method for 
access to securable components of a system for a user, 



comprising: 

specifying access Privileges of the user via a policy to the securable components 
managing access via an application guard to the securable components; and 
executing via a processor coupled to said system said application guard; 
wherein the application guard further allows for additional customized code to 
process and evaluate authorization requests based on the additional 
customized code, 
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